Hey, User! Do You Know What Your Apps Are Up To?

It’s International Data Privacy Day, not that most people would likely know that — or, some would argue, care. And therein lies the rub. Privacy, we are constantly told by those with their hands on the levers of power, is not something users are bothered about.

Thing is, that’s an exceptionally convenient argument — given how much money there is to be made from amassing vast troves of user data. So I just don’t buy it. Not whilst so many tech companies’ purpled hands still reek and smoke on the security and privacy front.

Perhaps the truth is not so much that people don’t care about privacy, but they are being socially engineered not to care by those with a vested interest in getting their hands on the data. Just think of the lengthy T&Cs and EULAs that digital consumers have been encouraged to ignore for years. And which still routinely go unread almost every time a person downloads an app or signs up to a digital service.

Suspending privacy concerns has become the tacit ‘payment’ exacted from consumers for accessing a ‘free’ service. Which of course means the service is not actually free. But that doesn’t mean people don’t care about privacy, more that they are being encouraged to trade it — to think of privacy as a currency which buys them digital access. To engage in a transaction.

The wider problem then is that consumers are also being socially engineered not to scrutinize the exact cost of each of these transactions, given it is almost never made plain to them. (Not to mention that the ‘cost’ is not fixed — it can shift with every service update.) Consumers are encouraged not to ask whether they are getting value for money for trading away their privacy. Nor question how much data they are really handing over, and whether they are comfortable with that particular trade.

So giving up their own privacy also, ironically, requires that consumers do not pry too deeply into the motivations of the entity asking for that data. To accept the transaction on trust.

This ‘privacy for blind access’ trade is a one way street. And, in many cases, a very bad deal.

To illustrate both the transactional nature of privacy and how left in the dark consumers can be about the exact app permissions they are agreeing to when they tap ‘I agree’, the makers of encrypted communications software and hardware, Silent Circle and Blackphone, have put together the below video — which attempts to shed light on how extensive and unacceptable some app permissions can be.


And in comments made today regarding the recent Sony hacks, Silent Circle co-founder Phil Zimmermann — who is also the creator of PGP — urged businesses to start to recognize there is a distinction between locking down corporate security and safeguarding individual privacy. And that respect for the latter can help secure the former.

Zimmermann said:

Many kinds of information don’t need to be stored for long, or at all.  If only participants keep a copy of their correspondence the company can’t lose it.  Imagine how much worse the damage of a security breach would be if companies routinely kept years of recordings of all employees’ phone calls.

Protecting the privacy of individuals is why I started PGP, and why Mike and I started Silent Circle.  But at Silent Circle we’ve come to realize that protecting individuals at work may be the strongest form of corporate security possible.

In the wake of massive corporate data breaches such as the Sony hack, and continued discoveries of major security holes in digital infrastructure, such as last year’s Heartbleed — and of course with the ongoing drip-feed of Snowden revelations, illuminating the vast scale of government dragnet digital surveillance programs — there is a gathering momentum to tighten digital security (and that means there are, yes, fresh opportunities for startups).

And as more pro-privacy businesses and organizations work to illuminate the risks and repercussions of all these apparently incremental privacy trade-offs, expect consumers to start to appreciate where the value really lies.

And to transact accordingly.